Cross-site scripting vulnerability in WebAccess.

  • 10098301
  • NOVL102768
  • 15-Jul-2005
  • 27-Jul-2005

Archived Content: This information is no longer maintained and is provided 'as is' for your convenience.


Novell GroupWise 6.5


Cross-site scripting vulnerability in WebAccess.


An outside security researcher reported a cross-site scripting vulnerability in GroupWise WebAccess. In certain circumstances, it was possible for a specially crafted malicious email to execute JavaScript code within the user's browser.


This has been fixed in any build of GroupWise 6.5 WebAccess dated after July 11, 2005. This fix will also be included in GroupWise 6.5 SP5.

Field test files for GroupWise 6.5 are available here:


Novell acknowledges Francisco Amato for discovering this vulnerability and working with Novell to get it fixed.